Unpatched Vulnerabilities Enable Adobe Flash Zero-Day

Source: Infosecurity Magazine 14 Dec 2018

Adobe has issued security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS after another active exploitation of a zero-day vulnerability in Adobe Flash via a Microsoft Office document was identified.

The critical vulnerability (CVE-2018-15982) exists in the wild and could lead to arbitrary code execution and privilege escalation, according to the advisory.

According to Gigamon’s applied threat research team, the vulnerability “allows for a maliciously crafted Flash object to execute code on a victim’s computer, which enables an attacker to gain command line access to the system. The document was submitted to VirusTotal from a Ukranian IP address and contains a purported employment application for a Russian state healthcare clinic.”